From 93aba4ea9f4f6380682a173678a288be6052ba56 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 9 Mar 2022 02:18:03 -0800 Subject: [PATCH] Add LEAP hub Ref https://github.com/2i2c-org/infrastructure/issues/1050 --- .github/workflows/deploy-hubs.yaml | 2 + config/clusters/leap/cluster.yaml | 29 ++++ config/clusters/leap/common.values.yaml | 125 ++++++++++++++++++ .../leap/enc-deployer-credentials.secret.json | 30 +++++ .../leap/enc-grafana-token.secret.yaml | 15 +++ .../clusters/leap/enc-prod.secret.values.yaml | 22 +++ .../leap/enc-staging.secret.values.yaml | 22 +++ config/clusters/leap/support.values.yaml | 14 ++ terraform/gcp/storage.tf | 10 +- 9 files changed, 264 insertions(+), 5 deletions(-) create mode 100644 config/clusters/leap/cluster.yaml create mode 100644 config/clusters/leap/common.values.yaml create mode 100644 config/clusters/leap/enc-deployer-credentials.secret.json create mode 100644 config/clusters/leap/enc-grafana-token.secret.yaml create mode 100644 config/clusters/leap/enc-prod.secret.values.yaml create mode 100644 config/clusters/leap/enc-staging.secret.values.yaml create mode 100644 config/clusters/leap/support.values.yaml diff --git a/.github/workflows/deploy-hubs.yaml b/.github/workflows/deploy-hubs.yaml index 9e1154476d..9cbe3f11f5 100644 --- a/.github/workflows/deploy-hubs.yaml +++ b/.github/workflows/deploy-hubs.yaml @@ -45,6 +45,8 @@ jobs: provider: gcp - cluster_name: pangeo-hubs provider: gcp + - cluster_name: leap + provider: gcp - cluster_name: utoronto provider: kubeconfig - cluster_name: azure.carbonplan diff --git a/config/clusters/leap/cluster.yaml b/config/clusters/leap/cluster.yaml new file mode 100644 index 0000000000..03402ac8fa --- /dev/null +++ b/config/clusters/leap/cluster.yaml @@ -0,0 +1,29 @@ +name: pangeo-hubs +provider: gcp +gcp: + key: enc-deployer-credentials.secret.json + project: leap-pangeo + cluster: leap-cluster + zone: us-central1-b +support: + helm_chart_values_files: + - support.values.yaml +hubs: + - name: staging + display_name: "LEAP Staging" + domain: staging.leap.2i2c.cloud + helm_chart: daskhub + auth0: + enabled: false + helm_chart_values_files: + - common.values.yaml + - enc-staging.secret.values.yaml + - name: prod + display_name: "LEAP Prod" + domain: leap.2i2c.cloud + helm_chart: daskhub + auth0: + enabled: false + helm_chart_values_files: + - common.values.yaml + - enc-prod.secret.values.yaml diff --git a/config/clusters/leap/common.values.yaml b/config/clusters/leap/common.values.yaml new file mode 100644 index 0000000000..5d8d0243e5 --- /dev/null +++ b/config/clusters/leap/common.values.yaml @@ -0,0 +1,125 @@ +basehub: + nfs: + enabled: true + pv: + mountOptions: + - soft + - noatime + # Google FileStore IP + serverIP: 10.236.154.106 + # Name of Google Filestore share + baseShareName: /homes/ + jupyterhub: + proxy: + https: + enabled: false + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + cloudResources: + provider: gcp + gcp: + projectId: leap-pangeo + scratchBucket: + enabled: false + homepage: + templateVars: + org: + name: LEAP + url: https://leap-stc.github.io + logo_url: https://leap-stc.github.io/_static/LEAP_logo.png + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: LEAP + url: https://leap-stc.github.io + hub: + config: + Authenticator: + # This hub uses GitHub Teams auth and so we don't set + # allowed_users in order to not deny access to valid members of + # the listed teams. These people should have admin access though. + admin_users: + - rabernat + JupyterHub: + authenticator_class: github + GitHubOAuthenticator: + allowed_organizations: + - pangeo-data:us-central1-b-gcp + - 2i2c-org:tech-team + scope: + - read:org + singleuser: + image: + name: pangeo/pangeo-notebook + tag: bcfacc5 + profileList: + # The mem-guarantees are here so k8s doesn't schedule other pods + # on these nodes. They need to be just under total allocatable + # RAM on a node, not total node capacity + - display_name: "Small (1 GB - 4 GB)" + default: true + kubespawner_override: + cpu_limit: 2 + cpu_guarantee: 0.3 + mem_limit: 4G + mem_guarantee: 1G + node_selector: + node.kubernetes.io/instance-type: n1-standard-4 + - display_name: "Medium (4 GB - 8 GB)" + kubespawner_override: + cpu_limit: 2 + cpu_guarantee: 1 + mem_limit: 8G + mem_guarantee: 4G + node_selector: + node.kubernetes.io/instance-type: n1-standard-8 + - display_name: "Large (12 GB - 16 GB)" + kubespawner_override: + cpu_limit: 4 + cpu_guarantee: 1 + mem_limit: 16G + mem_guarantee: 12G + node_selector: + node.kubernetes.io/instance-type: n1-standard-16 + - display_name: "ML Image - Large (12 GB - 16 GB)" + description: "https://github.com/pangeo-data/pangeo-docker-images/tree/master/ml-notebook" + kubespawner_override: + image: "pangeo/ml-notebook:master" + cpu_limit: 2 + cpu_guarantee: 1 + mem_limit: 16G + mem_guarantee: 12G + node_selector: + node.kubernetes.io/instance-type: n1-standard-16 + initContainers: + # Need to explicitly fix ownership here, since EFS doesn't do anonuid + - name: volume-mount-ownership-fix + image: busybox + command: + [ + "sh", + "-c", + "id && chown 1000:1000 /home/jovyan && ls -lhd /home/jovyan", + ] + securityContext: + runAsUser: 0 + volumeMounts: + - name: home + mountPath: /home/jovyan + subPath: "{username}" +dask-gateway: + gateway: + backend: + scheduler: + cores: + request: 0.8 + limit: 1 + memory: + request: 1G + limit: 2G diff --git a/config/clusters/leap/enc-deployer-credentials.secret.json b/config/clusters/leap/enc-deployer-credentials.secret.json new file mode 100644 index 0000000000..0ca3991feb --- /dev/null +++ b/config/clusters/leap/enc-deployer-credentials.secret.json @@ -0,0 +1,30 @@ +{ + "type": "ENC[AES256_GCM,data:bXgwRCCuUFr4lQ2E2SNY,iv:s2f8CNR1otvSWHZjBoPU0g0edG9Z1oxp4DR19P3nFcM=,tag:8uaIHlomCatJ3nO94vm+Xg==,type:str]", + "project_id": "ENC[AES256_GCM,data:XD/SgAyoYBTSryM=,iv:V8+bdV7rBHqQwOweAD7NpTuFlx59MXFfXyIKZfmy0C0=,tag:YuEn+Nx9FoyU5Mz/othl4g==,type:str]", + "private_key_id": "ENC[AES256_GCM,data:RyEVnVqgxNZ1oxHlKAea36r6dSlaqehJJQCNpg4k675vfD8s3oxAYA==,iv:UidkTYHW7UYhVIeLCemr6TfqQlFXstg677iSXkfO6vo=,tag:Yv2f+19B6sKkMZmNuMBm4A==,type:str]", + "private_key": "ENC[AES256_GCM,data:W4ZRkRTfkiaAkXjXOPrrmJlnucwrOvCd6yf3KIr7dTQO3vyQSt/sIcLQWx7T7g3G7F337WUC9M9pXB+ubCxvkBnhetcfLldMhCZMeJaHfDnGx6Ym9sN6BfvkevsCIR+bDnS+ErLEXiMz6YL7KmGijY7OHoV8N0nRzpSDLq9biIjaPt2374lw2NYe+620R32+PNVE1gqkctgWwwIr8ASOhFbMVa643JH7H+Mstc1Nb1pdhXMi4ny0gTeceNV02Tp5YSGQRXLzyc122Z8K/4ziehjTGvwrFr/eUzUlyq4jX9d03T8rxKsXTyXG/PxWWj+WUpF8+dkU8M56pXSAJ19ZcrOwrkeIl5pit/nAJOJuyHh8bB+CrW/bCwQPWcGg6W3INl89S9MdEALPieDPpHXqA+/8ZQc99sAxGhzJ2v55PkX6FY5fN8qqgjj2lFze3Ng3IjqL+2t/qMF+h2GddWXp0axTvArjONhhzeWcUqZxCa7TlqWf960ZtLkRTKm3NCYbq1pqFcLQl8BdpNTeliIXypKSENB9wWRwCybX5U1jryuIolhBBQXHa+Qm92z4kpAIUX3Y9aL5vuS1MRkQnIg30lwyR4Dd48QUElWBLAc0aKbXcbJDchAnufq1yRfPnA1z6Zi0g2AqV1YFQfQ0dVqDm6xUegE4PUkFQPHXoGvmK12YZpTDyNr/h3LXGU/KUJA89LNhdbW1KyPepKqcMYwa5lIsSwAJ4il+FDAtyRPG29sRWbNljKA8qCtMLpQsfFoDE+W4KlzWcSpCvU+8s1fbYxiZ8Wf0nxat8CSC2ZTnoMtHJjHvfYit9QBUIKKCNMGTk6SMincBzqL7BlVqJcRS2QQLcCLdkwS/TOZ/yR/12kSZyNr412QC9yKfS/T0OYS7G6MS0BOwDDHKdGHckkFijoXUV4A/tYOH1F6rkauORZSTsVhNz1aVRG5J253e5TxD3M9O8qhCSyadiWJW2vIyP48Sj+sI5Ppp7ydZYRNfCjQp9VqlRidrQm1LXvbDfimEz0YCYKDba3j60/twUTLSnP2aZ0raetFYj4rUKGmlHo2gwpX/zg57Atfc0GUpkj9x/OIA8g9hSz1b5vDT+XweOoLRu72a0XJoL61XGFcp1lrDiz9tSTYi2s4oqLdOQCl2AJmwwUTg0OEeu1vlU7HupakbMRiyzt011o/roFtZj9AESS61r3LVKDXnIBCnRAOlD98sNaHQp/Lg/v0+DwDTlIK3FiqOPDFiOTxvnWdgs5iwY0600fOzpDa5yuBGrbJ2LIHA7KnPyompkXBk7R0WhvIPZE50x+fCuO+Rn96NCnICmBuYucmrNvNIccRz2nfxKCgeyaDGJkFnD0Qwuq4yhVuRe0PAadXrXCdauAuDEhDFJr4j/VkVD3t88ijkSf8he+XC962qi9FanjbSnqZUK1osh30m+cMb2UeVFKIORMoNeXW6vd4sCFOoNCPSlIXckms8b6R14sOrfMZd+g5w/L0I6mhJ04G1FNN6wvD5F6PTa1g/8NgQwxx4ymRtcHq1EoIUZWDauKDEJzMgGXGwzjHOJ5yuoPTzPqunSrYZowAjX+XsHq0YwuAZuza2NyEB1PNPOYHEem2iJRGVIbfnnKWUuGCg378azKnbojwQ6s1dUtUlnSaBkbipgRd+mAuc418vfjljDqEjOvSf6kfV3pKXjTWQlOJJn5YOXYonjsKe9jG5H7HW+QnZpteCT5KtrTpeBjs26R+9frm/+WMUGZJMsDtB1NvgC14MXoS8gh+6DtVXyRG0e8cGK0ICCWzbNB7s09sG8/AZ9EaecUW7ou4SLQg58fqKGXx80VUl7N8Ud0j+WyhlCSbqmm78PL86g64NW4K4ltG9+wxkihiShfxZ+/mJvnwObu3y0nBhzz2ebhQ+gAN6A+sljTXaSQ7RkHWIy1RMVRKW0j37cqlhUUbMykUqo5O5O3QZCzDN7zTQIKugRbeOCx4IPyzSObsmXxG8ebhqWCwqPZgJHJa9dJWli1YEYn7/6Z0Ll/MAAC/oPZkFz0b6/wI1UkuhwhXpOqBvnhYSh5n1kUZ2RdNds02UUkU5rbAviW4519zITFMQ0TpfeZK18VsXha5myG4exzwlP5IIHUqGx/5JD/RfNQ8cRJ2tZKZcWq6QgVsJERtP7iMHIUndofwTbNT5VPC9Y5qHbwnlQziyRtFAqKU+kvoDVi2L9607lFUlrRD3Mt+dUTL9zPSi3qrGgQHw9HQMeI+k2ZdZoQm3fata5VPL0419eb8xivSq,iv:EgD4FRnPUx3eF7lO7mrfjYmmx1QxfGYi5PYbbFh0E/A=,tag:aTr3QIHfxhtdovqFj2R23g==,type:str]", + "client_email": "ENC[AES256_GCM,data:1pYHCwTtM2blwTR0PYzRdZxEAcigHYc+dFI0o6H3NfV4Gdp2BI9tSxGsoPxFhg==,iv:XQ9uTRrFoN7DSa1X7lYv89k2uY2o+dOh9MYC6VRkCrc=,tag:nTi4NKlTJn1X8OW55m5rxA==,type:str]", + "client_id": "ENC[AES256_GCM,data:U6WS704VI9XtGpPqfm9lxWR3Q7Mi,iv:/xvGuEGfsJcWxqTW2Z9JJSamJ5vrKIJhpkonB+IRDrI=,tag:yBgTt0CgdCmcIvtgiSs5yg==,type:str]", + "auth_uri": "ENC[AES256_GCM,data:0qByuvHwcpGgzitfrLq1BF+fYbvPaw0GSLgV9ap6UeVW2Obi30SAyEg=,iv:Su94WLXfURaDcYS6kfq3pNScwcmvVOIHEQmr4nL0m+U=,tag:36JEZaLat0pIabEE9+7HUw==,type:str]", + "token_uri": "ENC[AES256_GCM,data:VopsA3EwGJMYx9e9aGln1JQpYbpNw13z1yT7e92VsjdLYfw=,iv:LmpzRcY2tZVspy7CYMMnORybq9zwcgNRCeCuFyKGV5E=,tag:d2VfyqSA+FpQgCF68lp3Hw==,type:str]", + "auth_provider_x509_cert_url": "ENC[AES256_GCM,data:XctyK5UvsjLXpDf2nuvHrrPb6Xeof80vd4voZTT4lHj1PqScsFxCQx0h,iv:kwvSoStJdIUbMJasX6r0i0Ahh5vWdbKQdfgNNAfApso=,tag:+mWUAoiF/K8sS/bWRxQBpg==,type:str]", + "client_x509_cert_url": "ENC[AES256_GCM,data:8X40APDF+qU0QxB/fAl9d3QEK+xV+nadmiEGXWeDVUwWhfHDvKGfmxhQpuq9Jlezh78ZJqk582gji9zbk76jj96MKsDpCTLxVk0afc2kAHhfdWyZr3rWCsApZx1bsJx6Jzs=,iv:86Y1ykaCpyF+GASy9V+wxfmagZgIjFcUqO+f+IV7wuw=,tag:gSHMz9BeGIpMrufCeLoKvA==,type:str]", + "sops": { + "kms": null, + "gcp_kms": [ + { + "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", + "created_at": "2022-03-09T10:01:06Z", + "enc": "CiQA4OM7eL+21cxRUstcvIlnsMZrFbLDsiQpXe8XPMnIpbe033ISSADm5XgWSJUtlvvXtnkfqnnyCGz/4hSG6Sm1Mb2C713GGAJrg8oILKXAhrQn7Grp9Ayi48nhjXLltdNRBdEJWkLVv6WvLWcktA==" + } + ], + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2022-03-09T10:01:07Z", + "mac": "ENC[AES256_GCM,data:R82w7fgEsBoeU/EN4eHS/0IFijn0ts3SjE46/LGpQbb+NtvFf4ynmvp7GOpbV03J9GgWpY1vaoREkkrtbNg+CUNLpbHx4Bg2LFz1QFCYuG6NN/7DbunvEQwHZrd1QmA4MX0CsnQzWzrrXSvZw2W8AX1HNeo9bClvdHOBzGlZctQ=,iv:1Vjso4F+eO+gV1gsx+4OMzxh9WEsC5COZaI+LLmC4kU=,tag:b215foOX/93CciksTJCUDA==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.1" + } +} \ No newline at end of file diff --git a/config/clusters/leap/enc-grafana-token.secret.yaml b/config/clusters/leap/enc-grafana-token.secret.yaml new file mode 100644 index 0000000000..9c659805f2 --- /dev/null +++ b/config/clusters/leap/enc-grafana-token.secret.yaml @@ -0,0 +1,15 @@ +grafana_token: ENC[AES256_GCM,data:PBK+VcnU3cq2cVa7nZwJyVdWWwkcsxslGKiH1nhxBpgFEKC8iylsxhEZb5c89Hy15tFxZ4qNfCOZ4ztwrIVsCQ==,iv:Y+KqfLhpJvgYBw/6IP9Rg3w+qbnS1amvBf2QgFvPx/U=,tag:owkBbmy0W6bUbqtIJepOqg==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2022-02-24T17:56:52Z" + enc: CiQA4OM7eA1jS3a2zwDnUXuczQfvJW5u9Zp3QHRgCZjXk1ha/P4SSQDm5XgWif8sOYLkjo9k+hTKISv4PddEGATlvRChHeNZREfg2nreeDYujK6tOdiXplp8Yzv+uWxnxxUvlYPbhvReCDgmuEKLGI0= + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-03-09T09:29:33Z" + mac: ENC[AES256_GCM,data:ymz/1FyIv7KwvB46+NBBEsDLncBSh1b5NNxRrAxgIq7leOWBjHWkrh7kwWBGc5i2dIHsZ39VhG/AHZLZtXlp0ef9+JZyHUcejCLl2aOSbNB+6CqPLLh1ps63bUQYiKB7D7hec//hRMAu+CyT9UHYJkhj4jHT+hMtRgou800LcWA=,iv:6qzJEV9ktMy7jLoHDeAKFjh2CkGgMq7Go6P7+/3NFOo=,tag:s/xCYa0ttNl4yOJDGTy53g==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.1 diff --git a/config/clusters/leap/enc-prod.secret.values.yaml b/config/clusters/leap/enc-prod.secret.values.yaml new file mode 100644 index 0000000000..6d097ee8ea --- /dev/null +++ b/config/clusters/leap/enc-prod.secret.values.yaml @@ -0,0 +1,22 @@ +basehub: + jupyterhub: + hub: + config: + GitHubOAuthenticator: + client_id: ENC[AES256_GCM,data:auopWrLSGIBDtQ4PrZZMYe5XFWM=,iv:+tzBIkE6R3PfJm7oYyJOq84yyD6tB3GXeQ++sYPU7S8=,tag:vQrhczBhRRaFoqqwRWeGHg==,type:str] + client_secret: ENC[AES256_GCM,data:xLL5GJTKSnucssmIQjVhCUwwXyZaYl54/+QzXPFx0dJpX63kaeJufw==,iv:2cyHZvDaoNQtlKiPKf2ACoNuvlww6WE7vcGG6jVXISI=,tag:IRcogW5ZDZWA6Pv8DyVcPg==,type:str] + oauth_callback_url: ENC[AES256_GCM,data:d+/oCcmELV7Tvfe86P4YH8DCnLHI0yid0WoUWH0IKT022b9Ba/rnptYp,iv:SVHQK5yK26JOHV6uWycsLYUk42g6Kl8RahOf5oMbqxc=,tag:HjT+HYo30qqP5yCKcgVZCQ==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2022-02-24T18:31:21Z" + enc: CiQA4OM7eNU4/NC1GSyOypie5mku2r/szfsjQHdxf5CkEib8PWISSQDm5XgWPd3+MJEgP6vyMdkr+5xZCc0MbF1aoNtwLVU/Z9PKOZsw2UgcoYIAHxpoMCm9aC2mS+qZJyq7N5GnR0xxIc3cGMNybVo= + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-03-09T09:36:42Z" + mac: ENC[AES256_GCM,data:DfmVtvbHRczSN/9KawreI79Hw9rQExWcpu7UJlCgBSxdA05oiEg+sr3Ylv5Qzthn+v0uYMb3pFWWmJrfz2LoY8Rc7HGWRKNTFvgykE/DX7JHyN5MbM6BvQNHGQeCn2Jcu2QhZvQbm5XgY0KOMJu/3y+DZui8NR2BDpXdco+YCl8=,iv:XHeme2xxOHx+zwixzLugknI0lUuhB+nTtwbVjo6bAE0=,tag:5rPqQL/si+x0VREW0LnkoA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.1 diff --git a/config/clusters/leap/enc-staging.secret.values.yaml b/config/clusters/leap/enc-staging.secret.values.yaml new file mode 100644 index 0000000000..15ec79a6d3 --- /dev/null +++ b/config/clusters/leap/enc-staging.secret.values.yaml @@ -0,0 +1,22 @@ +basehub: + jupyterhub: + hub: + config: + GitHubOAuthenticator: + client_id: ENC[AES256_GCM,data:+AMr1i/FBcFuMHVbLXf7dqfvsWc=,iv:6SyzEQjAgag1ReUANQpKpqzbkZQzXXgztqYY+keuC14=,tag:IfcPSe5+GaSDkFM7lqIemg==,type:str] + client_secret: ENC[AES256_GCM,data:wn3bphxQWosKZC596MSVHiNt0d1BuRmR19YX/FK9mcdmvO1IswQVpQ==,iv:cm2FGIjpXnjOHMUnuGeB1WYAjozErtuYSx99737vtVw=,tag:ZBNPrQCPqGiz+ttCNIE/Ag==,type:str] + oauth_callback_url: ENC[AES256_GCM,data:COFoMWuv8XAmHHHcKh0CohhU63qfTAlRzMVeA0fn9aP7U3KBRuYP6yw/Qh8REDnpgXo=,iv:SL9AE00Gr1VFht9jWIS4ipSX+nAnmii5iNX37l19aTA=,tag:mydwvSO+CjurZF2HkkHe8A==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2022-02-24T18:04:17Z" + enc: CiQA4OM7eP6diuWK5cq1WJfLBHrUaMLetApVQYdQJjlOFUKSsHASSQDm5XgW8L7w2ZN+LPLHBMIcfpO6YIBeajtpkKFnTdpRgbhgR7+fb9p4HHT8z3H1U7nwKuOaQPtsXj2e8ZPjWr/2tqy6ramzlhU= + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-03-09T09:32:24Z" + mac: ENC[AES256_GCM,data:f0GDINNXc/xX4Ir0ayXvfgMeZzdqIekpgNPkOtOX80a09wS2AWWG58g36uf6pQwi+WTgDFnIL8TUPxjt3SVCJhKuKtFWuYQW35h3qwoHcsTD6thKASfQtD3CyJaMAzuZkYQYIqHhCFAYIr9cCruxnbOzCK+1b3I3ScAYyj+dBWo=,iv:LX+hyL5S3djX7UWPo6OZ0/+vuk6Jbx2GDFpvt46K1/I=,tag:LE3GBK1vgRavlN8ol89ruQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.1 diff --git a/config/clusters/leap/support.values.yaml b/config/clusters/leap/support.values.yaml new file mode 100644 index 0000000000..ae10e7bab0 --- /dev/null +++ b/config/clusters/leap/support.values.yaml @@ -0,0 +1,14 @@ +grafana: + ingress: + hosts: + - grafana.leap.2i2c.cloud + tls: + - secretName: grafana-tls + hosts: + - grafana.leap.2i2c.cloud +prometheus: + server: + resources: + limits: + cpu: 2 + memory: 12Gi diff --git a/terraform/gcp/storage.tf b/terraform/gcp/storage.tf index 0d6b5b895a..7db0a79d83 100644 --- a/terraform/gcp/storage.tf +++ b/terraform/gcp/storage.tf @@ -1,8 +1,8 @@ resource "google_filestore_instance" "homedirs" { - name = "${var.prefix}-homedirs" - zone = var.zone - tier = var.filestore_tier + name = "${var.prefix}-homedirs" + zone = var.zone + tier = var.filestore_tier project = var.project_id count = var.enable_filestore ? 1 : 0 @@ -19,7 +19,7 @@ resource "google_filestore_instance" "homedirs" { } networks { - network = var.enable_private_cluster ? data.google_compute_network.default_network.name : null + network = google_container_cluster.cluster.network modes = ["MODE_IPV4"] } -} \ No newline at end of file +}